Understanding the security risks of docker hub

Peiyu Liu, Shouling Ji, Lirong Fu, Kangjie Lu, Xuhong Zhang, Wei Han Lee, Tao Lu, Wenzhi Chen, Raheem Beyah

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Docker has become increasingly popular because it provides efficient containers that are directly run by the host kernel. Docker Hub is one of the most popular Docker image repositories. Millions of images have been downloaded from Docker Hub billions of times. However, in the past several years, a number of high-profile attacks that exploit this key channel of image distribution have been reported. It is still unclear what security risks the new ecosystem brings. In this paper, we reveal, characterize, and understand the security issues with Docker Hub by performing the first large-scale analysis. First, we uncover multiple security-critical aspects of Docker images with an empirical but comprehensive analysis, covering sensitive parameters in run-commands, the executed programs in Docker images, and vulnerabilities in contained software. Second, we conduct a large-scale and in-depth security analysis against Docker images. We collect 2,227,244 Docker images and the associated meta-information from Docker Hub. This dataset enables us to discover many insightful findings. (1) run-commands with sensitive parameters expose disastrous harm to users and the host, such as the leakage of host files and display, and denial-of-service attacks to the host. (2) We uncover 42 malicious images that can cause attacks such as remote code execution and malicious cryptomining. (3) Vulnerability patching of software in Docker images is significantly delayed or even ignored. We believe that our measurement and analysis serves as an important first-step study on the security issues with Docker Hub, which calls for future efforts on the protection of the new Docker ecosystem.

Original languageEnglish (US)
Title of host publicationComputer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings
EditorsLiqun Chen, Steve Schneider, Ninghui Li, Kaitai Liang
PublisherSpringer Science and Business Media Deutschland GmbH
Pages257-276
Number of pages20
ISBN (Print)9783030589509
DOIs
StatePublished - 2020
Event25th European Symposium on Research in Computer Security, ESORICS 2020 - Guildford, United Kingdom
Duration: Sep 14 2020Sep 18 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12308 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference25th European Symposium on Research in Computer Security, ESORICS 2020
CountryUnited Kingdom
CityGuildford
Period9/14/209/18/20

Bibliographical note

Funding Information:
Acknowledgements. This work was partly supported by the Zhejiang Provincial Natural Science Foundation for Distinguished Young Scholars under No. LR19F020003, the National Key Research and Development Program of China under No. 2018YFB0804102, NSFC under No. 61772466, U1936215, and U1836202, the Zhe-jiang Provincial Key R&D Program under No. 2019C01055, and the Ant Financial Research Funding.

Fingerprint Dive into the research topics of 'Understanding the security risks of docker hub'. Together they form a unique fingerprint.

Cite this